Oracle has recently identified a significant security vulnerability within its E-Business Suite (EBS), designated as CVE-2025-61884. This flaw, carrying a Common Vulnerability Scoring System (CVSS) score of 7.5, affects versions 12.2.3 through 12.2.14 of the software. The vulnerability resides in the Oracle Configurator component and permits unauthenticated attackers with network access via HTTP to compromise the system, potentially leading to unauthorized access to critical data.
The National Institute of Standards and Technology (NIST) describes this issue as easily exploitable, emphasizing the urgency for organizations to address the flaw promptly. Oracle has confirmed that the vulnerability can be exploited remotely without requiring authentication, underscoring the necessity for immediate action. While there is currently no evidence of this vulnerability being exploited in the wild, Oracle’s Chief Security Officer, Rob Duhart, has highlighted that certain deployments of the E-Business Suite are susceptible and could be targeted to access sensitive resources.
This development follows closely on the heels of another critical vulnerability, CVE-2025-61882, which was exploited by threat actors linked to the Cl0p ransomware group. These attackers leveraged the flaw to deploy malware families such as GOLDVEIN.JAVA, SAGEGIFT, SAGELEAF, and SAGEWAVE, compromising numerous organizations. The exploitation of CVE-2025-61882 involved a combination of Server-Side Request Forgery (SSRF), Carriage-Return Line-Feed (CRLF) injection, authentication bypass, and XSL template injection, enabling remote code execution and the establishment of reverse shells on targeted Oracle EBS servers.
In response to these threats, Oracle has released patches to address both vulnerabilities. Organizations utilizing the affected versions of Oracle E-Business Suite are strongly advised to apply these updates without delay to mitigate potential risks. Additionally, it is crucial for organizations to review their systems for any signs of compromise, especially in light of the recent exploitation activities associated with the Cl0p ransomware group.
The emergence of these vulnerabilities highlights the persistent challenges in securing enterprise software and the importance of proactive vulnerability management. Organizations must remain vigilant, regularly update their systems, and implement robust security measures to protect against unauthorized access and potential data breaches.
